Secure South West 3: 16th December 2013

The third Secure South West (SSW3) event was hosted by Plymouth University on the 16th December 2013, and offered seven presentations delivered by experts drawn from industry and academia, and, for the first time, a panel session. The event was supported by our exhibitors Stem Group, Sapphire and Cryptshare.

Presentations/videos (where available) can be found below. PDF copies of slides are made available wherever possible and in most cases a video of the full talk can be accessed from Plymouth University's iTunes U site or our dedicated YouTube channel.

It has been over 11 years since Bill Gates made the trustworthy computing promise. What has happened in that time, what threats are impacting us today, and how can we defend against them?

Biography

Stuart has been with Microsoft since 1998 and is the Chief Security Advisor for Microsoft in the UK. Before his role as CSA he worked as a strategy consultant to a variety of UK Government customers, mostly within the defence arena. He has run a number of Government Programs with the UK including the Government Security Program, the Security Co-Operation Program and the Welsh Language Program. He continues to run the UK GSP and SCP programs today.

Before joining Microsoft, Stuart worked as a consultant for ICL in their Power of 4 Consultancy, mostly focused on the defence and government spaces. Prior to ICL he worked for Barclays Bank in a number of application development and IT infrastructure roles. He has been actively involved in computer security related activities since the early 1980s.

Information security has received increasing focus, built on the fundamental assumption that the right approaches make the organisation more secure. Less attention, however, has been given to the procedures, technologies and expertise required to handle an incident when it inevitably occurs. Digital forensics is increasingly used outside law enforcement as an approach to investigating and exploring incidents in a legally acceptable manner while also capitalising upon the technological capabilities that modern forensic tools provide.

This presentation will explore the advantages of developing a digital forensic capability, discuss the role of forensic readiness and explore the capabilities and limitations of modern forensic tools.

Biography

Dr Clarke is an Associate Professor in Information Security and Digital Forensics at Plymouth University. Dr Clarke is also an adjunct Associate Professor at Edith Cowan University, Western Australia. His research interests reside in the area of information security, biometrics, forensics and intrusion detection. Dr Clarke has over 120 outputs consisting of journal papers, conference papers, books, edited books, book chapters and patents. He is the Chair of the IFIP TC11.12 Working Group on the Human Aspects of Information Security & Assurance. Dr Clarke is a chartered engineer, a fellow of the British Computing Society (BCS) and a senior member of the IEEE. Dr Clarke is the author of Transparent Authentication: Biometrics, RFID and Behavioural Profiling published by Springer and Computer Forensics: A Pocket Guide published by IT Governance.

An overview of what we know about the scale and nature of cyber crime, exploring possible ways to improve our measurement and understanding of cyber crime. The presentation draws on findings from the recently published Home Office paper: Cyber crime: A review of the evidence.

Biography

Samantha Dowling is head of the Cyber Crime Research Team in the Home Office.

Despite increasing demand for cyber security roles, the industry is facing a deficit of skilled practitioners. Amanda Finch, General Manager of the IISP, examines the problem and the increasing complexity of the security task to be managed, and considers the contributions that the IISP is able to make in terms of promoting security professionalism.

Biography

Amanda Finch is general manager at the Institute of Information Security Professionals. A former board member and programme director of the institute, she has specialised in information security management since 1991, and was awarded 2007 European Chief Information Security Officer of the Year by Secure Computing magazine.

David and Goliath: arming the user with a sling against Keyloggers
Stefano Ortolani (Security Researcher - Kaspersky Lab)

Software keyloggers are a prominent class of privacy-breaching software often used to harvest confidential information. One of the main reasons for this rapid growth is the possibility for unprivileged programs to eavesdrop and record all user keystrokes. The ability to run in unprivileged mode facilitates their implementation to such an extent that new samples are a daily matter, making signature-based detection techniques considerably unfit to protect the user.

In this talk we show that a solution is still possible if we forsake signatures and embrace more advanced detection strategies. In particular we show that it is possible to easily model the behavior of a keylogger and trigger it upon request in a well-defined manner. Leveraging this property, we present a detection technique that simulates carefully crafted keystroke sequences in input and monitors the behavior of the keylogger in output to univocally identify it among all the running processes.

Biography

Stefano Ortolani joined Kaspersky Lab in 2012 as Security Researcher. Since then his responsibilities have included conducting scientific research in collaboration with universities and governmental agencies. His research interests comprise intrusion detection, malware analysis, systems security, and communications privacy.

Prior to joining Kaspersky Lab, Stefano worked from 2008 as a Systems Security Researcher at Vrije Universiteit Amsterdam, The Netherlands. As a Ph.D. candidate, he published a number of papers in international conference proceedings, as well as in international journals; he later earned his Ph.D. by successfully defending his dissertation titled "Keylogger Detection and Containment". Stefano also holds an MSc in Computer Science awarded summa cum laude from the Ca' Foscari University of Venice, Italy.

As more companies make the transition to cloud-based computing and storage, whilst continuing to grant ever more mobile working privileges to employees, what additional steps could and must be taken to ensure continued information security coverage? Is it possible to provide the same level of coverage, when compared to "traditional" information security? This talk will explore and address these questions, helping to shed light on requirements for this security evolution.

Biography

Becky Pinkard has had the pleasure of working in information technology since 1996 and began her current role with Pearson, PLC in September, 2013.

She is a SANS Institute certified instructor and began teaching for SANS in 2001. She has served as a GIAC Certified Intrusion Analyst advisory board member and on the Strategic Advisory Council for the Center for Internet Security. Becky is also a co-author of the Syngress books "Nmap in the Enterprise" and "Intrusion Prevention and Active Response, Deploying Network and Host IPS".

A security transformation expert, Becky has built and managed global security teams, designed risk assessment and compliance strategies, led security audits and assessments, and developed security awareness training in small and large environments.

Vulnerability Scanning - Making it work smarter so you can work less!
John Stock (UK Technical Director - Outpost24 UK)

Many organisations today are implementing vulnerability scanning solutions; however, gaining a useful outcome that will positively impact the business is an increasing challenge. In this presentation we will look at ways you can work smarter with your vulnerability scanning tools and establish a good scanning policy in order to get the most out of your current scanning solution. We will look at how a good policy is just as important as the scanning itself, understand how a well thought-out program can benefit everyone from a small company to a global enterprise, and try to ensure we can prove some of the ever-elusive return on investment.

Biography

John Stock is a Senior Security Consultant at Outpost24, a global leader in vulnerability management. After graduating from the University of Plymouth, John worked for 10 years in various technical roles within EDF Energy, culminating as a Senior IT Security Engineer. John brings a unique perspective to the industry and is fully aware of the challenges organisations face when implementing a vulnerability management programme. His professional yet approachable demeanour enables him to easily communicate complex technical issues to all levels of the business, enabling senior management to understand the business impact of proper vulnerability scanning, while being able to communicate on a technical level with those requiring a more in-depth understanding. With Outpost24, John has spoken at many partner events in Europe on a wide range of subjects and always tries to keep his talks engaging for everyone involved. His jokes, however, have never improved.

PANEL: Future Challenges in Cyber Security

Cyber Security continues to pose challenges from a variety of technical and non-technical directions. This panel session seeks to explore some of the related issues, including the key cyber security challenges anticipated for the next 3-5 years, how to approach the security requirements of new technologies, and how to get the people we need to make security work.